The UK’s leading event for business growth, professional development and cyber security in the legal sector.

When Is The Show?

27th to 28th March 2019, ExCeL London

Doors: Wednesday 10AM - 5PM Thursday 10AM - 4PM

Is Cyber Essentials just for small businesses?

While it's true there is a version of the Cyber Essentials Level 1 questionnaire for micro businesses, and the main Cyber Essentials Level 1 questionnaire is aimed at businesses up to 250 users, the principles the scheme promotes are good cyber security hygiene for any business.

Many large businesses (for example in the nuclear sector) are now required to have Cyber Essentials certification, as are those who are involved in supplying the UK government with goods or services.

In Scotland, the Justice secretary recently announced that all 121 public sector organisations will be supported to achieve accreditation to the Cyber Essentials standard as a minimum requirement by 2018.

Cyber Essentials Plus offers a more comprehensive level of assurance by conducting automated penetration testing into your network to check for a wide range of known technical vulnerabilities - large business should be doing this as a matter of routine security practice anyway.

I would challenge businesses of any size to consider whether they are 100% happy with their current posture on:

• Firewalls

o are all the configurations audited and known-secure?

o Is every device running a host based firewall, especially those which spend time out of the office?

• Secure Configuration

o Are all your network devices configured with secure passwords?

o Are you certain there are no old, redundant user accounts configured anywhere on your network?

• User access control

o Is anyone in your IT department routinely logging in as a local or domain administrator?